Hi
I've spent a few hours trying to resolve security (authorization) related
problem in a big Pyramid app.
The problem was on my side - an exception was thrown inside __acl__
property on RootFactory level, something like this:
class RootFactory(object):
@property
def __acl__(self):
def load_ACL():
acl = []
for group in GroupFacade*.all()*: # 'all' function was not
defined
...
return acl
return load_ACL()
In result access to all views with permission defined was denied.
After small investigation I've found that this exception was silently
handled on Pyramids side:
for location in lineage(context):
try:
acl = location.__acl__
except AttributeError:
*continue*
I think that it should be a good idea to change this behavior or add proper
trace here.
Any exception related to missing attribute here will cause hard to find
error and misleading trace:
<No ACL found on any object in resource lineage>
Any ideas to handle it in a proper way?
--
Thanks
Artur Lew
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/pylons-discuss/-/WzA1b5gTWV0J.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.